Apple Releases Java Update for Lion & Snow Leopard

By Bryan Chaffin

Nov 8th, 2011 6:15 PM EST

Apple released Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 Tuesday, releases that bring Java SE 6 to version 1.6.0_29. That update includes fixes to several security flaws that existed in the previous version of Java.

The patch notes for the release say next to nothing about the contents of the update, but the security update notes (which haven’t yet been posted to Apple’s support site) include the following:

Multiple vulnerabilities exist in Java 1.6.0_26, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_29.

Those security flaws include:

CVE-2011-3389

CVE-2011-3521

CVE-2011-3544

CVE-2011-3545

CVE-2011-3546

CVE-2011-3547

CVE-2011-3548

CVE-2011-3549

CVE-2011-3551

CVE-2011-3552

CVE-2011-3553

CVE-2011-3554

CVE-2011-3556

CVE-2011-3557

CVE-2011-3558

CVE-2011-3560

CVE-2011-3561

The update you need should show in Software Update. The update for Lion is a 65.7MB download. Apple has not yet listed the downloads on its Support Downloads site, but they should appear there before the day is out.